Date: Sat, 20 May 2000 00:36:40 +0200 (CEST)
From: Joshua Goodall <joshua@roughtrade.net>
To: "Mark W. Krentel" <krentel@dreamscape.com>
Cc: archie@whistle.com, freebsd-ipfw@FreeBSD.ORG
Subject: Re: rc.firewall rule 200
Message-ID: <Pine.BSF.4.21.0005200033510.45886-100000@juice.shallow.net>
In-Reply-To: <200005160016.UAA02420@dreamscape.com>

On Mon, 15 May 2000, Mark W. Krentel wrote:

> Ok, good point. But this attack can only be launched from one hop
> away, right? A legitimate machine would not forward a packet destined
> for 127.0.0.1, so the attacker has to be one hop away.

On a typical cable modem network that's still a great many "potentially hostile" hosts.

> So, don't you also want to block spoofing of 127.0.0.1?

I don't know about others on this list, but I'm taking your suggestion and adding it to my ruleset. Caveat emptor applies of course, but nothing broke immediately.

- J